OK maybe...but wouldn't that be translating an IP address of the neighboring router to something it really isn't & botch up the OSPF table on the remote router? Or are you suggesting something different than what I'm thinking? My first impression is that this probably can't be done but I'm always open to finding ways to do the impossible ;)
----- Original Message ----- From: "Gareth Hinton" To: Sent: Tuesday, October 30, 2001 6:35 PM Subject: Re: OSPF across PIX [7:24608] > Can you set up a network address translation both ways so that the routers > think they're talking to a router on the same subnet? > > Big guessing going on here (on my part). > > > Gareth > > > ""pat"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Thanks for your repply. > > > > When I try to specify outside router as neighbor using > > neighbor command > > I get "OSPF: Neighbor address does not map to an > > interface". How do I resolve > > this issue ? > > > > What do you mean by "If you are doing NAT then a > > global and > > nat combination need to represent the internal IP > > addresses > > to the outside network"...? Can you give can example? > > > > I am doing NAT on firewall. > > > > The Ip address are as follows > > > > Inside router Ethernet 10.10.2.1 > > Firewall inside 10.10.2.1 > > Firewall outside 138.12.48.2 > > Outside Router ethernet 138.12.48.1 > > > > > > Thanks a lot for everybody's response. > > > > > > > > --- "Engelhard M. Labiro" > > wrote: > > > Sorry, replying my own message. > > > The access-list below assumes that you are able to > > > use nat 0 command (no NAT translation will occur > > > for the internal IP addressess to be seen from > > > outside > > > network). If you are doing NAT then a global and > > > nat combination need to represent the internal IP > > > addresses > > > to the outside network, before applying the > > > access-list below. > > > > > > Hope you get the idea. > > > > > > > Since OSPF uses IP protocol 89, permit this > > > protocol between > > > > the two OSPF routers with access-list applied at > > > outside and inside > > > > PIX interfaces, something like this: > > > > access-list 101 permit 89 host 1.1.1.1 host > > > 2.2.2.2 > > > > access-list 102 permit 89 host 2.2.2.2 host > > > 1.1.1.1 > > > > access-group 101 interface inside > > > > access-group 102 interface outside > > > > > > > > At the OSPF routers, put neighbour command, so > > > they can speak > > > > each other directly without multicasting the hello > > > packets. > > > > > > > > Hope you get the idea. > > > > > > > > ----- Original Message ----- > > > > From: "pat" > > > > To: > > > > Sent: Tuesday, October 30, 2001 1:01 PM > > > > Subject: OSPF across PIX [7:24608] > > > > > > > > > > > > > Does anybody has any ideas on how to run OSPF > > > across > > > > > firewall. What ports to be open & how to make > > > router > > > > > esablish nighbour relations across firewall. > > > > > > > > > > Any thought on this will be greatly appriciated. > > > > > > > > > > Thanks, > > > > > patterson. > > > > > > > > > > > > > __________________________________________________ > > > > > Do You Yahoo!? > > > > > Make a great connection at Yahoo! Personals. > > > > > http://personals.yahoo.com > > [EMAIL PROTECTED] > > > > > > __________________________________________________ > > Do You Yahoo!? > > Make a great connection at Yahoo! Personals. > > http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24730&t=24608 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
